MidnightBSD

Advisories for cavium

CVE-2017-17428 HIGH

Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-327,

Products Affected

Vendor Product Version
cisco ace30_application_control_engine_module_firmware 3.0(0)a5(3.0)
cisco adaptive_security_appliance_5520_firmware 9.1(7.16)
cisco webex_meetings t31
cavium nitrox_v_ssl_sdk *
cisco ace4710_application_control_engine_firmware 3.0(0)a5(2.0)
cavium nitrox_ssl_sdk *
cisco ace30_application_control_engine_module_firmware 3.0(0)a5(3.5)
cavium octeon_sdk *
cisco ace4710_application_control_engine_firmware 3.0(0)a5(3.5)
cisco adaptive_security_appliance_5510_firmware 9.1(7.16)
cisco webex_conect_im 7.24.1
cisco ace4710_application_control_engine_firmware 3.0(0)a5(3.0)
cisco webex_meetings t32
cisco adaptive_security_appliance_5505_firmware 9.1(7.16)
cavium octeon_ssl_sdk *
cisco adaptive_security_appliance_5540_firmware 9.1(7.16)
cisco ace30_application_control_engine_module_firmware 3.0(0)a5(2.0)
cisco adaptive_security_appliance_5550_firmware 9.1(7.16)
cavium turbossl_sdk *